The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 18 Issue 30

Thursday 8 August 1996

Contents

o America Off-Line
PGN
o AOL outage: risks of scaling inappropriately
Joel M Snyder
o Trains fail to trigger computerized crossing gates
Mark Brader
o The Crash Detectives: USAir Flight 427
Jonathan Harr in the *New Yorker*
o A bug in the zipcode-catalog
Martin Minow
o Occam's Razor debunked
David Bruce via Peter M. Weiss
o International Hacking Incident
Andrew Blyth
o New system blamed for missed payments
David Kennedy
o Kirk Enterprises: What's in a name?
Andrew Koenig
o The increasing complexity of everyday life
Rshek
o Department of Motor Vehicle records available On-Line
Rich Ellermeier
o "Anonymous" phone tips and Calling Number Identification
Michael Cook
o Re: Where Wizards Stay Up Late
Danny Cohen
o Re: IBM's Olympic Systems
Dave Wortman
o Re: Computers causing power outages
Paul Peters
o Info on RISKS (comp.risks)

America Off-Line

"Peter G. Neumann" <neumann@csl.sri.com>
Thu, 8 Aug 96 8:34:26 PDT
America Online's computer systems (near the Dulles Airport facility in
Virginia) went down at 4am EDT on 7 Aug 1996.  Service was reportedly
restored sporadically 19 hours later, around 11pm EDT.  The crash was caused
by new software installed during a scheduled maintenance update.  The 16
million people affected will apparently be given a free day of service
(hopefully in addition to yesterday!).  (AOL noted that this problem was
different from their one-hour outage on 19 June 1996.)

  * ``It's another reminder of how close to the edge a lot of these
  systems are,'' said Richard Zwetchkenbaum (International Data Corp)...
  [No news to RISKS readers]

According to David Einstein (*San Francisco Chronicle*, 8 Aug 1996, p.A1),
AOL officials have bragged about the reliability of their system.  In fact,
earlier this week one representative told The Chronicle that AOL computers
are ``virtually immune'' to this kind of outage.  [Virtual immunity is no
virtue?]

  [Outage also noted by David Kennedy <76702.3557@CompuServe.COM>.]


AOL outage: risks of scaling inappropriately

"Joel M Snyder, Now Overwhelmed Again" <Joel_M_Snyder@Opus1.COM>
Thu, 08 Aug 1996 08:33:30 -0700 (MST)
The repercussions of this were felt a long way away from AOL.

One of my clients is a public organization which sends out tens of
thousands of messages a day advising people on the current status of
pending legislation.  People are encouraged to subscribe to this free
service to follow their favorite bills.

Yesterday morning, I got a call because their mail system was backing
up heavily.  It took a while to discover the cause, but it turned
out to be AOL.  Because AOL's incoming mail from the Internet runs on
relatively slow systems, and because they receive hundreds of thousands of
Internet messages a day, they have 30 systems to receive incoming mail, all
pointed at from the AOL.COM name.  That means that any mail system trying
to send mail to AOL would have to individually try all 30 addresses before
giving up.  Translate that to a 60 second (typical) wait for a connection
timeout, and you've got a 30 minute time-in-queue for an AOL message.

Well, this client was using multi-threaded mailers, but because of AOL's
massive presence on the Internet & the large number of messages addressed
to them, AOL messages ended up clogging up all of the outgoing queue spots.
Hundreds of them.

The solution, unfortunately, is to treat AOL mail separately from other
Internet mail.  It now gets its own queue and is specifically segregated
away from other mail so that this doesn't impact other users.  The downside
of this is that ALL AOL mail is now operated (implicitly) at a lower
priority than other Internet mail, which means that AOL users have
effectively become second-class citizens.

The risk?  While growing so large (and having all your eggs in one basket)
offers tremendous economies of scale, it has other exogenous effects.  We
are already familiar with the implicit social reaction that AOL's marketing
strategy has brought on all their users from some corners of the Internet:
"oh you're from AOL, you must be clueless," a sort of techno-racism aimed at
the profile of the typical AOL user.  Now, AOL's size may cause their users
other discrimination of a more technical nature.

Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719  +1 520 324 0494 (voice)
+1 520 324 0495 (FAX) jms@Opus1.COM    http://www.opus1.com/jms


Trains fail to trigger computerized crossing gates

<msb@sq.com>
Tue, 6 Aug 96 16:14:29 EDT
A recent posting in misc.transport.urban-transit cites a 3 Aug 1996 article
in *Newsday*, the major newspaper of Long Island, NY.

The Long Island Rail Road, a commuter railway connecting New York to the
Long Island suburbs, recently tested three level crossings after a train
passed one of them and its driver noticed that the gates did not operate.
The three crossings, all in a place called Sayville, each "use the same
microprocessor" and are the only ones on the LIRR to do so.  The failure
proved to be reproducible at two out of the three.

This would make me wonder about the third one, not to mention level
crossings on other railways where the same hardware may be in use.
(For instance, if the problem is a bug in the programming, it might well
be one that comes and goes quasi-randomly.  Of course, it might also be
a failure any of several other sorts.)  As a short-term measure, the
LIRR stationed their police at each of the three crossings.

The LIRR also suffered similar problems last year, but says that the two
cases are "apparently unconnected".

I don't know why the crossing gate needs a microprocessor.  One possible
reason would be if trains regularly travel on that part of the line at
widely differing speeds; then the crossing gates could be lowered at the
same time interval in front of a faster or a slower train.

Mark Brader msb@sq.com  SoftQuad Inc., Toronto


The Crash Detectives: USAir Flight 427

"Peter G. Neumann" <neumann@csl.sri.com>
Fri, 2 Aug 96 16:21:47 PDT
Jonathan Harr has a fascinating article (*The New Yorker*, 5 Aug 1996) on
the process of trying to unravel the still unexplained crash of USAir flight
427, a Boeing 737, on approach to Pittsburgh on 8 Sep 1994.  The discussion
seems timely in the light of the recent TWA 800 disaster,


A bug in the zipcode-catalog

Martin Minow <minow@apple.com>
Wed, 31 Jul 1996 17:00:22 -0700
>From the Swedish newspaper, Svenska Dagbladet, 1 Aug 1996, reported
by Nils-Olov Ollevik.

http://www.svd.se/svd/ettan/X0002_Bugg.html

An incorrect comma [Sweden uses commas to separate integer and fraction,
where the USA uses a period] can cause problems, especially when dealing
with billing and accounting. The other day, a businessman was about to
send an invoice to one of its customers and, at the last minute, discovered
that the computer wrote an invoice for 1.5 million kroner instead of the
150,000 that he intended.

The analysis determined that the CD version of the Swedish postnumber
(zipcode) catalog contains a programming error -- a bug -- that can modify
certain programs that are already loaded into the computer.  This affects
the popular administrative programs from from Scandinavian PC Systems, SPCS,
in Vaxjo [Sweden].

"As far as I know, only the SPCS-programs are affected, but this is
unacceptable no matter how large or small the problem is" according to
product manager Jan Hultgren from the Swedish Post Office, who is
responsible for the catalog.  ... The error is in the way the CD program
handles installation in the Windows operating system. It would be strange if
only our program was affected.

According to Jonas Svensson of SPCS, the post office program automatically
changes Windows installations, such as the placement of commas together with
digits. "The error is easy to fix as long as you are aware of it," said
Svensson.

.. The Post Office sold about 100,000 copies of the CD-catalog.

Translated (quickly) by

Martin Minow, minow@apple.com


Occam's Razor debunked

"Peter M. Weiss +1 814 863 1843" <PMW1@PSUVM.PSU.EDU>
Sat, 3 Aug 96 09:44 EDT
QUADNET, 2 AUG 1996
RAZOR THEORY LEFT IN SHREDS

A Deakin University academic has cast new light on a basic philosophical and
scientific problem that has been subject to debate for more than 2000 years.
And this has thrown doubt on the accuracy of many data analysis techniques
commonly used in business computing.

"Occam's razor, a principle dating back at least as far as Aristotle,
suggests that we should accept the simplest explanation consistent with all
the known facts.  This previously untested principle is widely used in
current scientific practice," said Dr Geoff Webb, of Deakin's School of
Computing and Mathematics in Australia.

Dr Webb has put this principle to the test, and found it wanting.

Occam's razor is a guiding principle in computers known as machine learning
systems, a form of artificial intelligence.  Tasks commonly employed in
machine learning cover such diverse areas as medical diagnosis and
identification of glass fragments collected at the scene of an accident.

Dr Webb's research has found that when put into practice Occam's razor
doesn't work. "The results are clear cut: Occam's razor is worse than blunt,
it is truly disposable," he said.

To test the theory, Dr Webb modified a widely used machine learning system
that uses Occam's razor combined with a principle based on the assumption of
similarity. The modified version of the system abandoned Occam's razor and
relied solely on the principle of similarity.  The theories developed by the
modified system were more accurate than the version that used Occam's razor.

Among the many users of machine learning systems are a new wave of computer
scientists calling themselves "data miners". These scientists use machine
learning systems based on Occam's razor to extract information from vast
quantities of data.

Data miners are employed by retailers to identify new customers; the
taxation office to identify tax fraud; by banks to help decide who should
receive loans; by stock brokers to select investments; and recently by
astronomers to identify 16 new quasars.

"Data mining seeks to extract information from data.  By using Occam's
razor, data miners are potentially missing much of the information in the
data. That translates directly into missed business opportunities," Dr Webb
warns.

"Occam's razor guides the user to look for simple explanations.  But what
good are simple explanations of a complex world?" he said.

Dr Geoff Webb can be contacted on webb@deakin.edu.au

Issued by:
David Bruce, Media Manager, Deakin University, Australia
Phone: 61 3 9244 5268  Email: db@deakin.edu.au

David Bruce, Communications, Deakin University - 1995 University of the Year
db@deakin.edu.au  (03) 9244 5268  (03) 9822 1379 fax


International Hacking Incident

Andrew Blyth <ajcblyth@glamorgan.ac.uk>
Mon, 5 Aug 1996 13:37:32 +0000
The following is taken from the *Sunday Times* (London, 4 Aug 1996):
American Intelligence agents have hacked into the computers of the European
parliament and European commission as part of an international espionage
campaign aimed at stealing economic and political secrets. The commission
has called in security expert to block further American government agents
spying on its workings.

Security officials have disclosed that they have discovered several
instances in which its communications systems have been compromised by
American hacking. The have also found evidence that the Americans have used
information obtained by hacking to help in trade negotiations last year on
the General Agreement on Tariffs and Trade (GATT).

The CIA has already been accused by the Japanese and the French governments
if hacking into their communications networks in an attempt to obtain
confidential trade secrets.

The European parliament computer network links together more that 5,000
computers, and it is used to private medical, financial and official
government documents.

Dr Andrew Blyth, Department of Computer Studies, University of Glamorgan
Pontypridd  Mid Glamorgan CF37 1DL, UK +44 1443 48 2245


New system blamed for missed payments

David Kennedy <76702.3557@CompuServe.COM>
31 Jul 96 15:27:10 EDT
[Courtesy of Associated Press via CompuServe's Executive News Service,
30 Jul 1996]

Missed Payments (By Catherine O'Brien, Associated Press Writer)

<>   WASHINGTON (AP) -- Rep. John Dingell says the rent on his
<>district office was not paid one month. Rep. Ron Klink's phone service
<>was nearly shut off because the bill was not paid by the House.
<>   They and other House Democrats said Tuesday they were embarrassed
<>that the government has missed some payments to businesses in their
<>districts. And in this election year, they insisted that when
<>Democrats were in charge the checks went out on time.

<< DMK: Partisan sniping from both sides deleted <>

<>   In June, the House's chief administrative officer, Scott
<>Faulkner, switched to a financial management system that
<>included new computer software. Klink said the change was made
<>despite a warning from Price Waterhouse that it would take two
<>years or more to get the House up and running on the new system.

o   House members are each checking with their offices to see that various
accounts have been paid or are outstanding.

Dave Kennedy [CISSP] InfoSec Recon Team Chief, National Computer Security Assoc


Kirk Enterprises: What's in a name?

Andrew Koenig <ark@research.att.com>
Mon, 5 Aug 1996 13:45:43 +0400
There is a small company in Indiana, called Kirk Enterprises, that makes
various kinds of gadgets for attaching cameras and lenses to tripods.  I was
interested in information about one of their products, so I thought I'd see
if they had a web page.

I went to Lycos and did a search for `Kirk Enterprises.'  What came back was
a flood of references to Star Trek.

Andrew Koenig  ark@research.att.com

  [For oldtimers, that would rate well on the Kirkman Laugh Meter.  PGN]


The increasing complexity of everyday life

<Rshek@aol.com>
Tue, 6 Aug 1996 09:47:52 -0400
One of my colleagues circulates Risks Digest here and I like to look through
it. I was interested to read about the ever increasing complexity of life
and the proliferation of remote controls, manuals, batteries, and the like.
The risk here is not that the world will become overly complex and then
fail, leaving us lost, blind, and bewildered. The risk, rather, is that we
people will become overly dependent on external things and lose sight that
what we require is inside us.

BUT what if the electricity and telephones go kablooie at the SAME time??
We can try any of the time honored activities of all human beings: we can
tell stories, we can sing, we can dance, we can think, we can meditate, we
can talk to the people who share our houses or apartments or dorms, we can
light candles, we can build fires, and we can read books.  With so many new
tools and technologies it is easy to think that without the latest or our
favorite we can't thrive or succeed or have fun or be ambitious. But that is
fallacy. The best use of technology is to blend it with our human powers.


Department of Motor Vehicle records available On-Line

"Rich Ellermeier" <richarde@pcx.ncd.com>
Wed, 7 Aug 1996 13:20:45 -0700
In the State of Oregon, it is legal to purchase Department of Motor Vehicle
Records from the state (RISK 1).  These records have been purchased, placed
on a CD and made available through a newspaper advertisement.  Now, on a
local ISP, someone has made these records available publicly via a data
base search based on the license plate (RISK 2).  After looking at the data
with some friends, we have found that some of the information is, in fact,
wrong or out-of-date (RISK 3).

RISK 1: The state of Oregon should NOT be allowed to make available this
      information.  Among the type of information that will be displayed:
        vehicle type, make, model, year and style
        vehicle Identification Number (VIN)
        vehicle title number
        Plate expiration date
        Owner name, address and Driver's License number (For ALL owners)
        Security interest holder and their address.

RISK 2: The ease of access may cause this information to be used in a illegal
      manner.  By hanging out at the long-term parking lot of an airport,
      one would be able to identify the name and address a traveler making
      that traveler's home vulnerable to thieves.  This information could
      easily be used by stalkers and those who wish to have their privacy
      protected.  An unlisted phone number and address in the phone book
      is easily circumvented when that information is easily accessible
      with just a license plate number.

Risk 3: A friend sold a car five months ago, yet in this database, he is
      still identified as the owner.  Should the new owner do something
      on the road that provokes "road rage" in another driver, a quick
      search of the data via license plate number will find that my
      friend is the owner and the potential for him becoming a "road
      rage" victim increases,  through no fault of his own.

It strikes me that there are multiple parts of the problem that need to be
fixed.  The DMV should, by law, not be able to sell this information.
However, the one issue that I believe the internet/web has not come to
terms with yet is the one that has always plagued a free society--the limits
of that freedom.  While it may be legal to make this information available
in this manner, the moral and ethical implications of doing so need to be
carefully considered.

--rich <richarde@pcx.ncd.com>


"Anonymous" phone tips and Calling Number Identification

Michael Cook <mlc@iberia.cca.rockwell.com>
Thu, 8 Aug 1996 09:26:44 -0500
I thought I'd pass along something that has recently happened at my company.
This summer, we had a new phone system installed, with fancy phone features
of various kinds, voice-mail for each phone, callback, conference calls,
etc.

One of the features is Calling-Number Identification.  When a call is
received, the incoming phone number is display on our phones.  If the call
is from a company extension, that person's name (or some group function
name) is also displayed.  (So, the usual Caller-ID good/bad points are
raised.)

For some time, our company has had an anonymous Ombudsman phone number for
reporting suspected company ethics violations or other business policy
misconduct.  But with the new phone system, the Ombudsman phone had CNID!
Not-so-anonymous reporting.

To its credit, the company has installed a new phone line.

"Since the installation of the new ... telephone system, concern has been
expressed that employees can no longer make an anonymous report of a
violation or suspected violation.  A new phone line has been installed that
cannot display phone numbers of incoming calls.  Those wishing to remain
anonymous may call ..."

I haven't checked yet whether it is possible on our system to block CNID on
selected phone calls.

Michael Cook  MLCOOK@CCA.ROCKWELL.COM


Re: Where Wizards Stay Up Late (RISKS-18.29)

Danny Cohen <cohen@rand.org>
Thu, 01 Aug 96 14:30:45 PDT
.. and why the service was so bad across the country, why both dropped 40%?

> Perhaps the real problem is that the wizards are no longer staying up late
> enough, or that the new quasiwizards are not familiar enough with history
> and the sense of accomplishment that prevailed in the ARPAnet days.  [PGN]

The reason is not lack of sense of history.  My first computer/computer
communication project was done in summer 1967 for Larry as he moved from LL
to ARPA.  I can relate to your concern about that "lack of sense of
history").

The reason is that now someone must pay for the packets to travel.  It was
nice in the old days when Larry and Bob willingly paid for all our packets.
Now they don't.  No wonder that the existing charging mechanism pushes the
demand beyond the supply.  Larry, Bob, Vint, and others (in ARPA, NSF, DoE,
and NASA) took it upon themselves to always provide excess supply (at least
they tried to).

Most users believe that they have a constitutional right for free network
services since most scholars would agree that packet communication falls
under "the pursuit of happiness".  The present charging scheme encourages
exponential growth of the demand, limited only by the frustration caused by
the insufficient supply.  If you were willing to pay the real cost of that
Telnetting, the packet would have gone through.  This is what many
corporations do.  Phone calls go through because we (or someone else) pay
for each.  We, who are used to practically free rides suffer.

If you really want to help solve the problem you better introduce the
subject of "RISKS of not paying for what you get".  Sigh.

    It used to be so nice when they paid for us...  Danny


Re: IBM's Olympic Systems

Dave Wortman <dw@pdp1.sys.toronto.edu>
Fri, 2 Aug 1996 10:27:44 -0400
Since there's been a lot of discussion of the IBM Computer Systems
deployed at the Atlanta Olympic games, some might be interested
in IBM's description of the system at:

    http://www.olympic.ibm.com/o_tech/index.html

The link

  "Everything else you'd like to know about IBM's 1996 Olympic Games Activity"

leads to fairly comprehensive documentation.

  [Incidentally, I am happy to hear from various sources reports that things
  have settled down since the early problems of these Olympic Games.  PGN]


re: Computers causing power outages (Sessions, RISKS-18.29)

Paul Peters <PPeters@DOCKMASTER.NCSC.MIL>
Fri, 2 Aug 96 12:37 EDT
In the subject posting, D.C. Sessions states that "Constant-power loads
exhibit negative resistance".  While they present a non-linear load, there
is no reasonable way to describe them as negative resistance.  He further
confounds his thesis by using the electric light as an example of constant
impedance.  The incandescent lamp is a highly non-linear impedance and more
closely resembles a constant-power load than it does a constant impedance
load.

Paul E. Peters

Please report problems with the web pages to the maintainer

Top